shows no open ports for a router from the public interface (the router is an OpenWrt machine).
It drops all ICMP and only has an IPv4 address (the only thing it runs on the public interface is an sshd server, but it's port-knocked, so it cannot be seen).

If we don't count the clients behind this router, and the attacker could be anyone (but only through the public interface, so it's coming from the "internet"), theoretically how much chance does the attacker have to crack/hack (whatever it's called to get a shell on the router, or do nasty things in it)?

Would it be hard for an attacker to get into this router, or are there any known methods?

2 Answers
2

First, an attacker who sees no ports open is either going to move on, or switch to attacking the clients. No reason to waste time beating their head against a wall unless there is something worth doing it for. It's not a "chance" that is being calculated, it's a time/money trade-off. Port knocking is a cool technology, but remember, it's just another layer that you've added to the complexity. If there is a vulnerability in that technology, and since it's listening for certain ports to be hit, you've just increased the attack surface by one more technology. (Attacker finds out port knocking is in play, then uses huge bytes on the right ports to overflow the traffic analyzer for the port-knocking program.) See what I mean? We are talking theoretical here.
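The point above about the knock listener being one more piece of attack surface is easiest to see in code. The following is an added illustration, not code from the answer or from any OpenWrt port-knocking package: a knock-sequence tracker that keeps only bounded, time-limited state per source and never looks at packet payload, so neither a flood of sources nor oversized packets can grow its memory. The knock sequence, time window and cap sizes are constructed values for the example.

```python
"""Bounded port-knock sequence tracker (added example, not from the original answer)."""
from collections import OrderedDict
import time

# Assumed secret knock sequence, constructed for this example.
KNOCK_SEQUENCE = (7000, 8000, 9000)
KNOCK_WINDOW_SEC = 10.0          # whole sequence must complete within this window
MAX_TRACKED_SOURCES = 1000       # hard cap on in-progress per-source state
OPEN_DURATION_SEC = 30.0         # how long the real service stays reachable after a good knock


class KnockTracker:
    """Tracks knock progress per source IP with expiry and a hard state cap.

    Only (source, destination port, time) is ever examined; payload bytes are
    never buffered, so a 'huge' packet costs the tracker nothing extra.
    """

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW_SEC,
                 max_sources=MAX_TRACKED_SOURCES, open_for=OPEN_DURATION_SEC):
        self.sequence = tuple(sequence)
        self.window = window
        self.max_sources = max_sources
        self.open_for = open_for
        self.progress = OrderedDict()   # src -> (index of next expected port, first knock time)
        self.opened = {}                # src -> time at which the opening expires

    def _expire(self, now):
        """Drop in-progress sequences older than the window and lapsed openings."""
        for src in [s for s, (_, t0) in self.progress.items() if now - t0 > self.window]:
            del self.progress[src]
        for src in [s for s, exp in self.opened.items() if now >= exp]:
            del self.opened[src]

    def observe(self, src, dst_port, now=None):
        """Feed one observed connection attempt. Returns True when the sequence completes."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        idx, t0 = self.progress.get(src, (0, now))
        if dst_port != self.sequence[idx]:
            # Any wrong port resets the source; no partial credit, no growing state.
            self.progress.pop(src, None)
            return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened[src] = now + self.open_for
            return True
        self.progress[src] = (idx, t0)
        self.progress.move_to_end(src)
        # Hard cap: evict the oldest in-progress sources rather than grow without bound.
        while len(self.progress) > self.max_sources:
            self.progress.popitem(last=False)
        return False

    def is_open(self, src, now=None):
        """True if this source completed the sequence and the opening has not lapsed."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        return src in self.opened

    def tracked_sources(self):
        """Number of sources currently holding in-progress state (bounded by max_sources)."""
        return len(self.progress)


if __name__ == "__main__":
    # Constructed sample events: (src, dst_port, timestamp)
    events = [("198.51.100.7", 7000, 0.0), ("198.51.100.7", 8000, 0.5),
              ("198.51.100.7", 9000, 1.0), ("203.0.113.9", 7000, 0.2),
              ("203.0.113.9", 9000, 0.4)]
    tracker = KnockTracker()
    for src, port, ts in events:
        if tracker.observe(src, port, now=ts):
            print(f"{src}: sequence complete, opening until t={ts + OPEN_DURATION_SEC}")
    print("open:", [s for s in ("198.51.100.7", "203.0.113.9") if tracker.is_open(s, now=2.0)])
```

The design choices are the defensive ones the answer hints at: a wrong port anywhere resets the source, the whole sequence must land inside one window, the in-progress table has a fixed ceiling, and packet size never enters the decision.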

You have actually asked two questions: how hard is it to crack, and what are my chances of getting hacked?

Being invisible helps reduce the number of attempts to probe your router for weaknesses. This alone reduces your chances of getting hacked by reducing the number of hack attempts. Your approach is not perfect, but it eliminates most random probes from targeting you. You are still open to a targeted attack where the attacker knows your IP. This can happen if your IP is logged by a connection you've made on the Internet (website, IRC, games, etc.). One thing to note is that your nmap command is very limited. It is possible that your router might respond to other types of probes (nmap -sU -sC -A -p-, for instance).

The question of 'how hard is this to crack?' is different and you have not supplied enough data for us to know. Does your router software have known vulnerabilities? What port-knocking technique did you use? How complex are the passwords for sshd? Etc. Even if you told us all of these things, we can only give a wild guess.

It doesn't seem like OP is. This seems to me like the common pattern of, "I've done X and Y. Am I totally secure now? No? Okay, well now I did Z. Am I totally secure now? No?"
– Stephen Touset, Nov 19 '12 at 23:56